Managed Security Services Portfolio Managed Security Services Professional Services Security Hardware and Software What is on the truck IBM ISS
Agenda An introduction and statement of capability Virtual SOC Service delivery Managed Security Services - Managed Firewall, IDS, IPS, UTM Services - Managed Protection Services - Service Level Agreements - Identity and Access Management (IAM) Services - Managed Data Security Services Enablement Services - Security and Event Log Management - Vulnerability Management Services - X-Force Threat Analysis Services - Email and Web Security Power of the Integration Customer Portal Conclusion 2
An introduction and statement of capability
16 Years of Innovation
- 1992 First Vulnerability Detection System (Shareware)
- 1994 First commercial vulnerability scanner (Internet Scanner)
- 1996 First Intrusion Detection System (RealSecure)
- 1998 First integrated host/network security solution
- 1999 First correlation SMS (Safesuite Decisions)
- 2001 First IPS & Site Protector Management
- 2004 Enterprise Security Platform
- 2005 ISS MSS Magic Quadrant Leader
- 2006 Proventia Enterprise Scanner & ADS
- 2007 ISS MSS Magic Quadrant Leader
Only IBM Security is backed by the IBM X-Force research team Research Technology Solutions Original Vulnerability Research Public Vulnerability Analysis X-Force Protection Engines Extensions to existing engines New protection engine creation X-Force XPUs Managed Security Services Malware Analysis Threat Landscape Forecasting Security Content Update Development Security Content Update QA X-Force Intelligence Professional Services Security Hardware and Software Protection Technology Research X-Force Database Feed Monitoring and Collection Intelligence Sharing The X-Force team delivers reduced operational complexity, helping to build integrated technologies that feature baked-in simplification
Virtual Security Operations Center (VSOC) Managed Security Services Security Enablement Services Managed and Monitored Firewall Services Managed Identity Services Managed IPS and IDS Services Managed UTM Services Managed Protection Services for Networks, Servers and Desktops Vulnerability Management Services Security Event Management Services Secure Log Management Services IBM ISS X-Force Threat Analysis Services Managed E-mail Security Managed Web Security Multiple Device Types & Vendors Supported 6
Virtual Security Operation Center - VSOC
Global Security Reach and Expertise
- 8 Security Operations Centers
- 7 Security Research Centers
- 133 Monitored Countries
- 20,000+ Devices under Contract
- 3,700+ MSS Clients Worldwide
- 4 Billion+ Events Per Day
Additionally:
- 3,500-4,000 Practitioners Worldwide
- Thousands of PSS engagements delivered annually
- Global and local PSS security expertise
Internet Security Systems Virtual SOC X-Force Protection System Portal Database ATLANTA DETROIT TOKYO BRUSSELS BRISBANE Internet Best-of-Breed Security Platform Support Systrust & SAS-70 Certified SOC Security Incident Escalation UTM Completely Web-Driven Interface Standard & Customizable Reporting IDS/IPS Managed Network Firewall MSS Portal Industry Leading Performance-based SLAs Access to Security Intelligence (XFTAS) 24/7 Expert Monitoring and Management 9
Managed Security Services Deployment & Services for Email & Web In the cloud Email Anti-Virus Anti-Spam Image & Content Control In the cloud Web Anti-Virus Anti-Spyware URL Filtering 10
World Class: People, Processes and Technology Processes People Technology 11
Managed Security Delivery Organization Deployment & Integration Global Service Deployment Project Management Security Operations Center 24x7 Global Delivery Operations Focused Workload Customer Advocacy Customer Relationship Management Global Presence Engineering SOC Tools & Portal Development Dedicated Infrastructure Management Threat Intelligence Dedicated MSS Intelligence Deployment Architecture Operations Advocacy Engineering 12 12
Managed Security Services (MSS)
Breadth of Services Managed Security Services Key Benefits
- Protect company assets, brand reputation and business continuity with 24x7 reliable monitoring and management
- Reduces in-house security costs by up to 55 percent
- Achieves security compliance with industry and governmental regulations
- Maximizes existing security investments
- Improves productivity by freeing IT resources to focus on strategic initiatives
- Reassures clients, partners and shareholders that critical data is protected by trusted resources
- Reduces operational complexity
Managed Services: Managed Security Services (MSS) Industry Proven Managed Security Services Managed Intrusion Detection/Prevention Service Network, Server/Host Managed Firewall Unified Threat Management (UTM) Customizable support for best-of-breed multi-function devices Protection (FW-VPN/IPS) and/or Content (URL Filtering/AV/AntiSpam) packages Multi-Vendor Security Technology Support IBM ISS, Cisco, Juniper McAfee, Sourcefire CheckPoint Best-in-Class Service Level Agreements Multiple Service Level Options Standard, Select, Premium Industry Leading Customer Portal Embedded X-Force Intelligence 15 15
Managed Security Services (MSS) If you remember one thing Best of Breed Technology Support 10 Years of Experience Industry Leading SLAs MSS Portal included XForce Integrated 16
Managed Protection Services (MPS)
Managed Services: Managed Protection Services (MPS) Guaranteed Protection Based on IBM ISS Security Technologies Proventia G (ID/PS) Proventia Server Proventia Desktop Best-in-Class Service Level Agreements Performance based SLAs Multiple Service Level Options Standard, Select, Premium Choose services per device for custom solutions Industry Leading Customer Portal Embedded X-Force Intelligence 18 18
Managed Protection Services (MPS) If you remember one thing Protection SLA Guarantee up to 25.000 Warranty Program up to 50.000 Performance Based SLAs 19
Service Level Agreement (SLA)
Managed Security Services Provides Breadth of Coverage Across a Diverse set of Markets Device & Policy Management AI Alerting Eyes On Monitoring MSS Standard X X MSS Select / Premium Or with Event monitoring option X X X 21
Managed Security Services SLAs
- Security Incident Prevention: All exploits on the X-Force Certified Attack List (XFCAL) will be blocked.
- Security Incident Identification: All priority 1, 2 and 3 level security incidents will be identified by the SOC.
- Security Incident Response: All security incidents will be escalated within 15 minutes of identification.
- Intrusion Event Countermeasure: Countermeasures will be implemented 30 minutes after customer approval for all priority 1 incidents.
- Policy Change Acknowledgement: All policy changes will be acknowledged within 2 hours of receipt.
- Policy Change Implementation: All policy changes will be implemented within 8 hours of receipt (Select Level).
- Proactive System Monitoring: 15 minute customer notification of any MPS device unreachable.
- Proactive Security Content Update: Security content updates will be applied within 48-hours of release.
- Customer Portal: 99.9% accessibility to the MSS customer portal
- Internet Emergency: 15 minute notification of the declaration of an Internet Emergency.
The industry's first and only SLAs with skin in the game
Identity and Access Management Services Data Security Services
IBM ISS Identity and Access Management (IAM) Services
Providing security-rich access to business assets and resources
- Identity assessment and strategy services give organizations an understanding of the current state of their identity management environment and provide a strategy and roadmap for improving their current IAM posture
- User Provisioning Services help clients set up, secure and manage the lifecycle of their user accounts leveraging IBM Tivoli Identity Manager Software
- Web Access Management Services help organizations manage and validate user access to devices, applications and systems leveraging IBM Tivoli Access Manager software
- Enterprise Single Sign On Services help organizations relieve password headaches with Tivoli Access Manager for Enterprise Single Sign On, a proven single sign-on solution across all network access points
- Managed Identity Services provide a secure identity management solution, through either an IBM hosted or client premise model, that supports compliance while enabling collaboration across a diverse user base.
IBM ISS Data Security Services Reducing cost and complexity of data protection by managing and optimizing across key control points 1) Enterprise Content Protection (ECP) Network Data Loss Prevention (DLP) Enterprise Data Loss Prevention (DLP) (Endpoint DLP + Network DLP) Requirements and planning workshop 2) Endpoint Data Protection (EDP) Endpoint Encryption Discovery Assessment Endpoint Data Loss Prevention (DLP) 3) Activity Compliance Monitoring & Reporting (ACMR) Log Analysis Management Policy Design Implementation 25
Enablement Services
Breadth of Services Enablement Services Key Benefits
- Centralized command center to monitor and control Virtual-SOC services
- Run queries and generate reports on multi-vendor security devices, security events, service level agreement (SLA) activity and more
- Automated analysis of security events and logs alerts for remediation
- Unlimited archive system stores one year of online event/log storage and seven years of offline archiving
- Authorized access to portal for increased internal protection
- Integrated with X-Force security intelligence feeds and daily threat assessments
Enablement Services: Security Event & Log Management Log and Event Collection & Archival Syslog, Universal Logging Agent (ULA) On Site Aggregation, Compression, Encryption Secured Communications Forensically Sound Storage Automated Alerting (Select Level Only) SOC Event monitoring - Security Incident Tracking Industry Leading Customer Portal Embedded X-Force Intelligence Log storage up to 7 years Compliance Reporting Windows & Linux
MSS SELM Comparison Device + Policy Management AI Alerting Eyes On Monitoring MSS Standard X X MSS Select / Premium X X X Or with Event monitoring option SELM Select + SOC Event Monitoring X X 29
Enablement Services: Vulnerability Management Systems Internal & External Vulnerability Assessments Vulnerability Remediation Workflow Embedded Step-by-step Remediation Actions Complete Ticketing System Virtual Patch ties to MPS/MSS Granular Access Control & Permissions Fully functioned Reporting Industry Leading Customer Portal Embedded X-Force Intelligence 30 30
Enablement Services: X-Force Threat Analysis Service X-Force Threat Analysis Service News Vulnerabilities Exploits Worms/Virus Breaking Security Intelligence Alerts Configurable Alerting/Advisories Daily Emails Direct Feed from X-Force Research 30,000+ Records 31 31
Managed Email & Web Security Services
Managed E-mail Security 100% Virus Protection 99.2% Spam Effectiveness with 1 in 1 Million False Positives 90%+ effective in identifying pornographic attachments Enforces Acceptable Use Policy Multiple Layers of Defense Highly redundant infrastructure Assists in stopping confidential information leaving your company Industry Leading Performance-based SLAs 33 33
Managed Web Security Features: Web Converged Threat Analysis, taking recent threat information from other protocols such as email and applying that knowledge to web transactions Global load balancing optimizes web traffic filtering and provides network level fail-over Multiple layers of defense Industry-leading SLAs on service availability Visibility of activity at the user level without the need for software installed on every client Comprehensive on demand reporting (summary and detailed reports), auditing and dashboard Easy to configure and deploy 34
The power of the Integration
Integrated Services What You Get: Single view to overall security posture Integrated data sets across the entire breadth of services Correlation regardless of device type or vendor Integrated vulnerability management capabilities for improved accuracy and better protection Virtual Patching capabilities for streamlined remediation Automated event escalation Built-in security intelligence 36
The Power of Integrated Services MSS in Action
Managed Protection Services with Vulnerability Management Services
- Scan network to detect vulnerabilities.
- Use the Virtual-SOC portal to request application of patch updates to protect entire network or individual servers.
- Upon receipt of the patch request, an IBM ISS SOC analyst will implement an IPS rule, if applicable, to block access to the specific vulnerability and apply protection for the system until it is patched.
The Power of Integrated Services MSS in Action Managed Intrusion Detection/Prevention Service with the Managed Firewall Services If IBM ISS monitors and manages firewall and intrusion detection/prevention, and an attack is verified... IBM ISS requests authorization to implement changes to firewall rules and/or IPS policies to prevent access from malicious hosts. 38
The Power of Integrated Services MSS in Action
Security Event & Log Management Services & Managed Intrusion Detection/Prevention Services or Managed Firewall Services
- IBM ISS provides the ability to manage, monitor, or view all of the customer's firewall, IDS and IPS devices.
- IBM ISS provides customers with a consolidated security view and full reporting capabilities.
- Customers can access secure log/event archival of all aggregated security events for up to 7 years.
- Customers can leverage combined trouble ticketing capabilities to track issue resolution transparently across managed and unmanaged devices.
The Power of Integrated Services MSS in Action
X-Force Threat Analysis Service and Vulnerability Management Services
- Schedule automated scans to identify OS's, applications, and their respective vulnerabilities.
- Scan results dynamically reconfigure the customer's XFTAS alerting preferences, providing real-time alert notifications for actionable vulnerabilities.
- Remediation workflow management features of the VMS service allow for generation of tickets for vulnerable assets with powerful grouping and prioritization capabilities.
- Validate that remediation tasks have been completed by re-scanning vulnerable assets.
X-Force Means Better Protection For ALL MSS Clients! Proof point: Widespread SQL Injection Attacks of 2008 MSS and X-Force collaborated to monitor outbreaks of SQL injection and detect variants during the second half of 2008 MSS clients using IBM ISS Proventia devices were preemptively protected from SQL Injection attacks via X-Force security updates MSS clients using security devices from other vendors were protected thanks to collaboration with X-Force to create non-public custom detection signatures specifically for MSS clients 41
Customer Portal
MSS Customer Portal : Dashboard Full Portal Searching Daily Threat Assessment Recent Security Incidents & Service Requests 7 Day / Daily Trends Security News, Bulletins, and Intelligence Quick Links
Portal Real-Time Events : Device Management
Policies View: IDS, Firewall, Anti-Virus, Anti-Spam, Web-Filtering Policies
Live event monitoring can be done via the Active Analyzer function on the Logs menu. The Active Analyzer can be set to Autorefresh every 30 seconds or manually via single click.
Portal Real-Time Events : Device Management Protected Servers Monitored Networks Details Device Health Charts
MSS Customer Portal : Real-Time Log view IDS, Firewall, VPN, AntiVirus, AntiSpam, URL Filtering Logs Available Drill down feature Normalized Logs or Raw Logs. 46 46
Log & Event Archival Queries 47 47
X-Force Protection System (XPS) Normalization; Aggregation; Correlations; Categorization; Prioritization Correlations Cross platform Historical & Statistical Asset : Internal Asset : Authorized Scanner Asset : criticality Vulnerability & OS XPS Alerts IDPS XPS Alerts Firewall 48 48
MSS Customer Portal : Real-Time Meta events
Live event monitoring can be done via the Active Analyzer function on the Logs menu. The Active Analyzer can be set to Autorefresh every 30 seconds or manually via single click.
Changes in event baselines are reflected in the Active Analyzer by highlighting the event row and displaying deltas for event counts, sources and destinations between refresh periods.
MSS Customer Portal : Real-Time Meta events 200% increase 50
MSS Customer Portal : XPS Alerting Correlation Rules Data Mining Rules System Activity Rules 51 51
MSS Customer Portal : XPS Alerting 52
MSS Customer Portal : Ticket Manager All tickets generated by both ISS and the customer are viewable via the Ticket Manager. A user-friendly query interface allows for rapid access to specific ticketing data. All tickets are available on-line for up to one year as a standard component of all ISS Managed Services.
Customer Portal Reporting The portal reporting engine provides custom query capabilities that allow users to build reports for exactly the data they desire. All reports can be run in several formats and can be exported to HTML, CSV and PDF.
Conclusion
Managed Security Services Guaranteed Protection Industry's leading performance-based service level agreement (SLA) with a cash-back payment enhances overall security posture Provides protection from known and unknown threats Lowers Total Cost of Ownership Reduced complexity Integrated services reduces security exposures Virtual-Security Operation Center Infrastructure optimization Maximized network uptime, availability, and bandwidth Integration of disparate security technologies Simplification of on-going security management, Improves speed to protection Global, local capability and scalability for optimization of existing infrastructure Optimized employee productivity More efficient use of resources 24/7/365 or coverage on nights, weekends, off-hours Built-in security expertise (systems, people) Helps Demonstrate Compliance Satisfies customer internal and regulatory controls Process to meet and maintain compliance
MSS - Delivering Value Through Differentiation Breadth of services Monitored and Managed Services, vendor agnostic Cloud-based Security as a service Integrated services Correlation of security vulnerabilities with events to provide optimized security Single management view and control of enterprise wide security posture Integrated executive and technical reporting Flexible service options Maintain as much control as you want monitored, managed, unmanaged, combination of both Protection at your fingertips nights, weekends, off-hours 57
MSS - Delivering Value Through Differentiation Strong Service Level Agreements (SLAs) Built on security best practices Performance-based Guaranteed Protection services Virtual Security Operations Center Integrated services architecture combining: Management Portal Integrated X-Force Security Intelligence XPS (Normalization, aggregation, correlation, archival, escalation, remediation) Finds the needle in the haystack Work flow, ticketing, emergency response and forensics, comprehensive reporting Security Expertise Security is all we do, focused on protection X-Force 58
IBM Security Recognition Trusted global security solutions backed by real industry validation Leadership in Managed Security Services (2007, 2008, 2009) Gartner Magic Quadrant Forrester Wave Frost & Sullivan #1 Identity Management Provider, IDC (2007) #1 Vulnerability Assessment Provider, Frost & Sullivan (2007) Gartner Leaders Quadrant, Network IPS (February 2008) Gartner Leadership Quadrant, Web Access Management (October 2007) Gartner Leadership Quadrant, User Provisioning (August 2007) 59
Questions? Presenter: Collart Marius Thank you! marius_collart@be.ibm.com Title: Service Solutions Expert - Managed Security Services http://www-935.ibm.com/services/us/index.wss/itservice/iss/a1030786